Bad news for Dell customers: the vendor has shipped an insecure, self-signed root CA certificate (eDellRoot) on new Dell desktop and tablet devices. The odd thing: this certificate may be used to sign other certificates and to decrypt HTTPS data.
The first note about the incident appeared on reddit.com in the thread "Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish". Then arstechnica.com published the article "Dell does a Superfish, ships PCs with easily cloneable root certificates" covering the issue.
Dell users can run a short test on this site to check whether the eDellRoot certificate is installed. If the eDellRoot certificate is present, download and run the eDellRootCertFix.exe removal tool issued by Dell.
Lenovo ships Superfish adware preinstalled on systems
Komodia SSL certificates and hijacking tech are widely spread
Optional Windows update KB3107998 removes Lenovo USB Blocker tool
In Dell's statement about eDellRoot a user adds a comment with the following question:
What about the equally problematic DSDTestProvider root certificate that seems to have been installed by Dell System Detect on my XPS 13? It has the same properties as eDellRoot & also includes a private key …
So there is a second root certificate, DSDTestProvider, shipped with the "Dell System Detect" tool. The German site https://edell.tlsfun.de/de/ tests whether both certificates are installed on a system.
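A local check for both certificates, as an added example that is not part of the original post or of Dell's tooling: this PowerShell script walks every certificate store for the machine and the current user and reports entries whose subject or issuer common name is eDellRoot or DSDTestProvider. Matching by name is an assumption made here because the post gives no thumbprints; the helper name `Test-CnMatch` is hypothetical.

```powershell
# Added example: audit the Windows certificate stores for the two Dell roots
# named in this post. Matching is by subject/issuer CN only (assumption: the
# post lists no thumbprints), so review every hit by hand.
$names = 'eDellRoot', 'DSDTestProvider'

# Hypothetical helper: returns the matched name if the DN contains CN=<name>.
function Test-CnMatch {
    param([string]$DistinguishedName, [string[]]$Names)
    foreach ($n in $Names) {
        $pattern = '(^|,\s*)CN={0}(,|$)' -f [regex]::Escape($n)
        if ($DistinguishedName -match $pattern) { return $n }
    }
    return $null
}

$findings = foreach ($location in 'LocalMachine', 'CurrentUser') {
    foreach ($store in Get-ChildItem -Path "Cert:\$location") {
        $path = "Cert:\$location\$($store.Name)"
        foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            $asSubject = Test-CnMatch $cert.Subject $names
            $asIssuer  = Test-CnMatch $cert.Issuer  $names
            if ($asSubject -or $asIssuer) {
                [pscustomobject]@{
                    Store         = "$location\$($store.Name)"
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    # True means the private key is stored on this machine too.
                    HasPrivateKey = $cert.HasPrivateKey
                    # A self-signed root matches both fields; report it as the root.
                    Role          = if ($asSubject) { 'root itself' } else { 'issued by root' }
                }
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Store, Subject | Format-List
    Write-Warning "$(@($findings).Count) matching certificate(s) found."
} else {
    Write-Output 'No certificate with CN eDellRoot or DSDTestProvider found.'
}
```

Entries reported as "issued by root" are certificates chained to one of the two roots and deserve the same scrutiny as the roots themselves.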